Link to home
Avatar of rikmyr

asked on

RRAS wont work with IIS 7.5

Hello all,
I currently run Windows Server 2008 R2, IIS 7.5 and RRAS. THe issue is when select the interface under general in RRAS and go to properties, there is a checkmark "Enable IP Router Manager" when I uncheck it Im able to ping, tracert and basically access the server from the external ip over the internet but the catch is that internally my connceted devices that use rras to connect to the internet no longer have itnernet access. And the oppsite when the box is checkmarked. Is there a way to still have internet access but access the web server or serevr in general at the same time?
Avatar of GRGrayban
Flag of United States of America image

I am not 100% sure of your issue as I always have IP Routing on, But I will give you my best shot.

When enabling IP Routing, the server basically becomes a switch (local host). This is what you want. Since you are running IIS on it and TMG is also your proxy, Port issues come into play. Publishing web sites on port 80 will be a problem if you are using proxy on port 80. It is not the "best" thing to do, but you can work through this. Keep in mind the order that services start. The one that grabs port 80 1st, wins. Not to get into particular details, make sure of the following:
1. Make sure Proxy is set to a different port such as 8080
2. If you want to PING the outside NIC say from your home, create a rule to allow ICMP from external to the ip address of the outside nic.
3. Add RRAS netowrk group (or replace "internal" with "all protected") to proxy rule. Only "internal" is included in "from" for this rule by default.

RRAS Through TMG MMC (Don't modify in RRAS MMC)
1. Make sure you have routes for your local LAN and RRAS networks.
2. Make sure that a route points to the outside

There are a lot of details I have left out here, but these are the basic check points. In the end it is very simply in theory:
- RRAS must have routes for local and external destinations
- IIS and Proxy cannot use same ports
- TMG must have rules created / modified to allow traffic to and from the internet.

Look at logging in the TMG and youw will see where traffic is getting block by a rule. The concept is very simple, but the configuration is very complex. For exact details and start-up instructions, the "isaserver" website is dedicated to the TMG/ISA/RRAS products and there are many tutorials. Just as a side note, TMG locks itself down hard and to run anything on it requires rules to be created. Expect a lot of tweaking and knowledge before you get IIS/TMG/RRAS to work perfectly together,

Good luck!
Avatar of rikmyr

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of rikmyr


it works!
Yep, that is part of configuring TMG. Should have mentioned that NAT-ing must be on. Soundls like you have a good handle on this.